Integrations and dependencies of the Vulnerability Response Patch Orchestration with the Microsoft SCCM application

  • Release version: Zurich
  • Updated September 5, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Integrations and dependencies of the Vulnerability Response Patch Orchestration with the Microsoft SCCM application

    The Vulnerability Response Patch Orchestration integration with Microsoft System Center Configuration Manager (SCCM) enables ServiceNow customers to orchestrate patch management by leveraging SCCM data. This integration requires several ServiceNow applications and dependencies, all available from the ServiceNow® Store, some of which may need separate subscriptions. Proper application version compatibility is crucial and can be verified via the Vulnerability Response Compatibility Matrix and Release Schema Changes documentation.

    Show full answer Show less

    Required Applications and Dependencies

    • Vulnerability Response
    • Vulnerability Solution Management
    • Vulnerability Response Patch Orchestration application
    • Vulnerability Response Patch Orchestration with Microsoft SCCM application
    • Security Support Common
    • Security Support Orchestration
    • Service Graph connector with SCCM

    These components collectively enable viewing and managing patch orchestration data and updates both in classic UI and workspaces of the Vulnerability Response application.

    Key Tables in the Vulnerability Response Patch Orchestration Application

    • Patch Update [snvulpatchorchupdate]: Stores patch availability information across instances.
    • Device Update [snvulpatchorchm2msrcciupdate]: Contains data about deployed patches and their deployment status linked to discovered items.
    • Collection [snvulpatchorchcollection]: Stores collection data from various SCCM instances.
    • Device Collection [snvulpatchorchm2msrccicollection]: Maintains data about collections and their associated discovered items.
    • Patch Deployment [snvulpatchorchdeployment]: Tracks patch deployments associated with collections and configuration items (CIs).
    • Potential Patch [snvulpatchorchm2mvulnpatch]: Links patches to vulnerabilities to identify possible remediation patches.

    Microsoft SCCM Patch Orchestration Integrations

    ServiceNow provides a set of orchestrated integrations with Microsoft SCCM to automate patch data ingestion and management. After installing the SCCM Patch Orchestration Integration application, these integrations can be accessed under Integrations > SCCM Patch Orchestration Integration > Integrations in ServiceNow.

    • Microsoft SCCM Collection Integration: Runs daily as the first step in the integration chain to retrieve SCCM device collections.
    • Microsoft SCCM Device Collection Integration: Triggered after collection retrieval, runs daily or on-demand to fetch devices within collections and create corresponding discovered item and device collection records.
    • Microsoft SCCM Patch Update Integration: Triggered post device collection integration, runs daily or on-demand to gather patch installation and missing patch data from SCCM for discovered devices.
    • Microsoft SCCM Deployments Integration: Runs after patch update integration, daily or on-demand, to retrieve scheduled patch deployments from SCCM.

    These integrations operate on scheduled intervals to keep Vulnerability Response updated with the latest SCCM patch and device data, enabling efficient vulnerability remediation and patch orchestration workflows.

    The following product and dependency applications are required for the Vulnerability Response Patch Orchestration with Microsoft System Center Configuration Manager (SCCM) integration. These applications are available in the ServiceNow® Store

    Available versions of applications and dependencies required for the patch orchestration integration

    To view patch orchestration data and available updates (patches) in the workspaces and the classic UI in Vulnerability Response, the following applications are required. All applications listed are available in the ServiceNow® Store. Some applications require separate subscriptions.

    For more information about version compatibility with the required applications and family releases, refer to the KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes article in the HI Knowledge Base.

    Application and release version
    Vulnerability Response
    Vulnerability Solution Management
    Vulnerability Response Patch Orchestration application
    Vulnerability Response Patch Orchestration with Microsoft SCCM application
    Security Support Common
    Security Support Orchestration
    Service Graph connector with SCCM

    Vulnerability Response patch orchestration application tables

    The Vulnerability Response Patch Orchestration application contains the following tables:

    Table Description
    Patch Update [sn_vul_patch_orch_update] Stores information about the patches that are available on distinct instances.
    Device Update [sn_vul_patch_orch_m2m_src_ci_update] Stores data about the deployed patches, along with deployment status, that are on displayed on discovered item records.
    Collection [sn_vul_patch_orch_collection] Stores collection data from distinct instances.
    Device Collection [sn_vul_patch_orch_m2m_src_ci_collection] Stores collections data about discovered items.
    Patch Deployment [sn_vul_patch_orch_deployment] Stores information about deployed patches about Collections and CIs.
    Potential Patch [sn_vul_patch_orch_m2m_vuln_patch] Stores data about patches and vulnerabilities that identify the patches that might be used to resolve a vulnerability.

    Vulnerability Response Patch Orchestration with Microsoft SCCM integrations

    The integrations developed by ServiceNow® engineering make up the orchestrated solution deployment with the Microsoft SCCM product. The following integrations are included with the Microsoft SCCM Patch Orchestration Integration application that you download from the ServiceNow® Store.

    After you install the integration application on your ServiceNow AI Platform instance, to view these integrations, navigate to Integrations > SCCM Patch Orchestration Integration > Integrations. The Vulnerability Response application processes data on scheduled time intervals imported by these integrations with Microsoft SCCM endpoints.

    Integration Description
    Microsoft SCCM Collection Integration
    • This integration is scheduled to run daily and runs first in the chained integration run.
    • Retrieves the device collections from the SCCM Collections.
    Microsoft SCCM Device Collection Integration
    • When scheduled, this integration is triggered by the completion of the SCCM Collection Integration. You can also run it on-demand.
    • This integration fetches the devices under each collection. This integration creates records in the discovered items table and Device Collection table.
    Microsoft SCCM Patch Update Integration
    • When scheduled, this integration is triggered by the completion of the SCCM Device Collection Integration. You can also run it on-demand.
    • Retrieves information from the SCCM server about the Patches that are either installed or missing on devices (assets).
    Microsoft SCCM Deployments Integration
    • When scheduled, this integration is triggered by the completion of the Patch Update Integration. You can also run it on-demand.
    • Retrieves information about the patches scheduled by the IT team in the SCCM server.